Antivirus XP 2008 Malware Wave Continues

Sunday, 2008-August-10 at 14:57 7 comments

The Panda US Security Blog reports that the crooks behind Antivirus XP 2008 are using faked CNN News Alert e-mails to send people to malware infector sites, where people are told to download a new codec to view the alert. This codec turns out to be Antivirus XP 2008. It also shows up as a fake update to IE 7.
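The lure described above has two tells that a mail gateway or a helpdesk triage script can check for without any signature of the malware itself: the link text claims one site while the href points at another, and the "codec" or "update" on offer is a plain executable. The following is an added example written for this post, not code from Panda or from the blog author; the two messages are constructed, the keyword list is an assumption, and the domain reduction uses a crude two-label rule rather than a public-suffix list.

```python
"""Flag news-alert / fake-codec lure e-mails of the kind described above.
Added example; sample messages below are constructed, not real captures."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Words typical of this social-engineering pattern (assumed list).
LURE_WORDS = re.compile(r"\b(codec|update|alerts?|breaking)\b", re.I)
# File types a 'codec' or 'browser update' should never arrive as.
EXE_SUFFIXES = (".exe", ".scr", ".pif", ".bat", ".msi")


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Reduce a host to its last two labels (assumption: no public-suffix list)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def html_body(msg):
    """Return the first text/html part of a message, decoded, or ''."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True)
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def analyze_message(raw):
    """Return a list of human-readable reasons the message looks like a lure."""
    msg = message_from_string(raw)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    subject = msg.get("Subject", "")
    lure_subject = bool(LURE_WORDS.search(subject))
    collector = AnchorCollector()
    collector.feed(html_body(msg))
    reasons = []
    for href, text in collector.anchors:
        url = urlparse(href)
        if url.scheme not in ("http", "https"):
            continue
        # 1. Visible text names one site, the href goes somewhere else.
        if "." in text and " " not in text:
            shown = urlparse(text if "://" in text else "http://" + text)
            if registrable(shown.netloc) != registrable(url.netloc):
                reasons.append(f"link text {text!r} but target host {url.netloc}")
        # 2. An executable is being offered as a codec / update.
        if url.path.lower().endswith(EXE_SUFFIXES) and LURE_WORDS.search(text + " " + url.path):
            reasons.append(f"executable {url.path} offered as {text!r}")
        # 3. Alert-style subject, but links leave the sender's domain.
        if lure_subject and sender_host and registrable(url.netloc) != registrable(sender_host):
            reasons.append(f"subject {subject!r} from {sender_host} links to {url.netloc}")
    return reasons


def is_lure(raw):
    return bool(analyze_message(raw))


# Constructed sample: spoofed news alert pushing an .exe as a 'codec'.
LURE = """From: CNN Alerts <alerts@cnn.com>
Subject: CNN Alerts: My Custom Alert
Content-Type: text/html; charset=utf-8

<html><body>
<p>Watch the full story: <a href="http://203.0.113.5/news/video.html">www.cnn.com/video</a></p>
<p>You need the latest codec: <a href="http://203.0.113.5/adobe_flash.exe">Download codec</a></p>
</body></html>
"""

# Constructed sample: ordinary newsletter, links stay on the sender's domain.
BENIGN = """From: Newsletter <news@example.org>
Subject: Weekly roundup
Content-Type: text/html; charset=utf-8

<html><body><p>Read it on <a href="https://www.example.org/weekly">our site</a>.</p></body></html>
"""

if __name__ == "__main__":
    for name, sample in (("LURE", LURE), ("BENIGN", BENIGN)):
        print(name, "->", analyze_message(sample) or "no findings")
```

Check 3 alone is noisy for legitimate newsletters that use a tracking domain, so treat it as a score contributor rather than a verdict; checks 1 and 2 are the ones that match this campaign's actual behaviour.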

In my dealings with the product, I find that some users are getting it from e-mailed spam messages, while others are picking it up from sites they found during Web searches. I've been wondering whether a plain-text e-mail system would help; it certainly could not hurt.

Bill Mullins notes that the next version, Antivirus XP 2009, is already out. I cannot vouch for his recommended products or sites, since I have not heard of any of them. Use them at your own risk. However, his general synopsis of the malicious fake security software is accurate.

Surprisingly, having ultra-tight settings in IE7 did not seem to prevent installation; since the victim is asked to download and run the supposed codec or update themselves, browser hardening has little to work with. I'd be interested in learning whether Firefox-using networks and Opera-using networks are also having problems with this software popping up. In the meantime, use common sense: avoid going to questionable sites, don't open e-mail or IM messages from people you do not know, don't open unexpected attachments, and call your local support staff immediately if you get a strange browser pop-up message about antivirus, antispyware or other security software. If your local support is your neighbor's 13-year-old, turn the computer off and then call him after school.


7 Comments

  • 1. thomas  |  Thursday, 2008-August-21 at 19:52

    As a freelance home/small business techo, I am run off my feet with this and only having a 90% success rate. Cleaned PCs using Malwarebytes, SmitfraudFix (though out of date, it helps reset display settings) and searching manually in system32 and user/application data for random files/folders. Have definitely seen Firefox infected – anything I try to download to fix the problem is saved as a virus. Can't governments track these people (probably organised crime through the credit card links?)

  • 2. John  |  Thursday, 2008-August-28 at 03:14

    And what a lesson becoming complacent about keeping my security software up to date this became!

    Firefox is not immune.

    Malwarebytes cleaned most of it from my machine, and the new AVG Resident Shield blocks it.

  • 3. John  |  Thursday, 2008-August-28 at 03:15

    And to Thomas:

    They already have, but the offender is in Russia and so is outside of their jurisdiction.

  • 4. William Hollar  |  Wednesday, 2008-September-03 at 08:32

    Nothing I have tried works. Spyhunter recognizes the trojan but is unable to clear it on reboot; Spyzooka cleans it with each scan, but on reboot the virus is still there.

  • 5. Jim Spaloss  |  Thursday, 2008-October-02 at 11:44

    Combo fix works well for this.

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • 6. Always Get / Make Restore CD « Opportunity Knocks  |  Tuesday, 2008-October-14 at 09:14

    […] 2008-October-14 As is normal when I come home for a few days, I got a call from someone whose computer is infested by malware (possibly Antivirus XP 2009). I said right up front, “I’m not driving to your house, […]

  • 7. Philip Lillies  |  Tuesday, 2009-March-24 at 16:26

    My wife’s computer became infected with Antivirus XP. We tried everything, even reformatted the hard drive. The virus was gone, but the computer still kept showing error messages and ran really slowly.

    Finally, we ran memtest and it failed, bang. It didn’t even get through the cache. So I thought to go into the BIOS and disable the cache, but there was no cache. In fact, it was almost empty.

    I thought that was strange, so I popped the battery out of its holder and let the machine sit for half an hour. Then I put the battery back in and rebooted. Voila. A normal BIOS re-appeared.

    Conclusion. The virus must have written to the CMOS, so if you want to completely get rid of the infection, you will need to clear the CMOS.

    Hope this helps.

    -Phil L.

